We compared AlienVault OSSIM and Wazuh based on our user's reviews in several parameters.
According to user reviews, AlienVault OSSIM is praised for its comprehensive threat detection, real-time monitoring, and strong asset management capabilities, while Wazuh is highlighted for its advanced threat detection, seamless integration with other tools, and easy installation process. AlienVault OSSIM users appreciate the customer service and pricing structure, while Wazuh users value the customer support and flexible licensing options. However, AlienVault OSSIM users desire improvements in the user interface and documentation, while Wazuh users suggest enhancements in system resource consumption. Overall, both products offer positive ROI and efficient security monitoring capabilities.
Features: AlienVault OSSIM stands out for its comprehensive threat detection and strong asset management capabilities. On the other hand, Wazuh is known for its advanced threat detection, efficient log analysis, and flexibility in tailoring the solution to specific needs.
Pricing and ROI: AlienVault OSSIM has been positively evaluated for its pricing, setup cost, and licensing. Users find the pricing structure reasonable and affordable. The setup process is straightforward and requires minimal effort. AlienVault OSSIM offers flexible licensing options. In comparison, Wazuh is also considered cost-effective with reasonable pricing options. The setup cost is hassle-free and the licensing is customizable., AlienVault OSSIM has been praised for its valuable and efficient security monitoring capabilities, cost-effectiveness, and ability to address security threats effectively. On the other hand, Wazuh users have reported various benefits and advantages from using the product.
Room for Improvement: Users have identified room for improvement in both AlienVault OSSIM and Wazuh. AlienVault OSSIM needs enhancements in user interface, documentation, support, customization, and integration capabilities. Wazuh could benefit from improvements in interface, documentation, configuration options, and system resource consumption.
Deployment and customer support: The reviews for AlienVault OSSIM highlight varying timeframes for the different phases of establishing a new tech solution. Some users took three months for deployment and an additional week for setup, while others only needed a week for both. In contrast, the reviews for Wazuh emphasize the importance of considering both deployment and setup timeframes. Some users spent three months on deployment and a week on setup, while others required a week for both., Customers have expressed positive feedback about the customer service provided by both AlienVault OSSIM and Wazuh. Users appreciate the helpful and responsive team of AlienVault OSSIM, while Wazuh's customer service is commended for their knowledge, efficiency, and helpfulness.
The summary above is based on 41 interviews we conducted recently with AlienVault OSSIM and Wazuh users. To access the review's full transcripts, download our report.
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The UI-based analytics are excellent."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The most valuable feature is the logging capability."
"The paid version of the solution has reporting and better scalability options."
"The threat alerts it gives me from time to time on harmful code within the network, or if they are generating any network traffic, are very useful."
"The tool's security detection is good. It helps us with login tracking and generating reports. We aim to identify potential issues, such as brute-force attacks on user accounts or server-level anomalies. For instance, if I receive a report indicating a server is at an abnormal level, I investigate and address the issue."
"Better than other SIEM solutions because almost everything can be integrated."
"Asset discovery is good."
"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation."
"AlienVault OSSIM's GUI is very user-friendly."
"It is a stable solution."
"Wazuh is simple to use for PCI compliance."
"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
"The tool is stable."
"Wazuh has very flexible and robust features."
"It's stable."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"The user interface needs to be friendlier across the board."
"It's so hard to configure and explore something new on it."
"GUI could be improved."
"The documentation could be improved."
"The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation."
"AlienVault OSSIM’s configuration and integration could be a little easier."
"It takes some time. It does not give me a prompt response for any such [malicious] traffic. It takes time to get that alert from the AlienVault system."
"When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration."
"A lack of certain features creates limitations."
"We would like to see more improvements on the cloud."
"There could be a hardware monitoring tool for the solution."
"The only challenge we faced with Wazuh was the lack of direct support."
"Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."
"Wazuh is missing many things that a typical SIEM should have."
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
"The tool doesn't detect anomalies or new environments."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 27 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. AlienVault OSSIM is rated 7.4, while Wazuh is rated 7.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". AlienVault OSSIM is most compared with Elastic Security, USM Anywhere, Splunk Enterprise Security, Fortinet FortiSIEM and AWS Security Hub, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, Graylog and CrowdStrike Falcon. See our AlienVault OSSIM vs. Wazuh report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.